GitHub: HexCore8/exploits
# Exploits
Exploits and proof-of-concept code from the team at Hacker House.
| Filename | Description |
| :------------------------------------------: | :------------------------------------------------------------------------------------------------ |
| _AirWatchMDMJailbreakBypass.txt_ | Bypass jailbreak detection in AirWatch mobile device management for iOS |
| _adobe-psp.tgz_ | Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow PSP bypass (Metasploit) |
| _aix53l-libc.c_ | AIX 5.3L libc locale environment handling local root exploit |
| _aix53l-lquerypv.c_ | AIX 5.3L /usr/sbin/lquerypv local root privilege escalation |
| _amanda-amstar.txt_ | Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit |
| _amanda-backup.txt_ | Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit |
| _applejack.c_ | PonyOS 3.0 & below tty ioctl() kernel local root exploit |
| _asus_B1M_projector_root.png_ | ASUS B1M projector remote root command injection (unpatchable) |
| _BTCPE.txt_ | British Telecom Huawei UART root access weakness |
| _charybdis.tgz_ | Firefox & IE exploits implant dropper for Windows & Linux |
| _cisco-asa-sslbypass.py_ | Cisco ASA 8.x & below VPN SSL module Clientless URL-list control bypass |
| _cisco-XSS-wget-me.txt_ | Cisco IOS 11.x web interface XSS vulnerability |
| _cmd_gpbypass.exe_ | cmd.exe patched to run even when disabled via Group Policy |
| _cpg15x-dirtraversal.txt_ | Coppermine 1.5.44 & below directory traversal vulnerability |
| _cve-2003-0001.py_ | CVE-2003-0001 Etherleak information leak exploit, silently fixed in Cisco ASA PSIRT-0669464365 |
| _CVE-2012-4681.tgz_ | Oracle Java SE 7 Update 6 & below remote polymorphic exploit (evades PSP) |
| _CVE-2014-0160.py_ | Heartbleed mass-scanning proof-of-concept tool |
| _cve-2016-1531.sh_ | Exim 4.84-3 local root exploit |
| _cve-2019-10149.py_ | Exim between 4.87 & 4.91 local root exploit |
| _CVE-2020-0601.xdb_ | XCA database of private keys for trusted CA exploit CVE-2020-0601 |
| _CVE-2020-3950.tgz_ | EvilOSX trojan exploit plugin for CVE-2020-3950 VMware Fusion 11.5.2 & below local root |
| _cve-2025-21204.zip_ | IIS exploit PoC files for insecure "inetpub" configuration (CVE-2025-21204) |
| _d3_decimator.txt_ | SedSystems D3 decimator multiple vulnerabilities allow for remote root |
| _dllpack.tgz_ | MS15-051 / MS15-010 exploits with reflective DLL loading support (hacked from public code) |
| _drupal-CVE-2014-3660.py_ | Drupal XXE libxml2 Services exploit |
| _dtappgather-poc.sh_ | dtappgather local root exploit proof-of-concept (EXTREMEPARR) |
| _fluttershy.py_ | PonyOS 4.0 runtime linker local root exploit |
| _FreeBSD-pftp-dirtraversal.txt_ | Peters Anonymous FTP on FreeBSD directory traversal vulnerability |
| _getlogin.c_ | Tru64 V5.1B & below getlogin() kernel information leak |
| _gionight.py_ | GIO Linux embedded remote root exploit |
| _gns3super-osx.sh_ | GNS-3 OS-X local root exploit |
| _goodnight.c_ | Linux kernel 2.6.37 & below denial-of-service exploit CVE-2010-4165 |
| _heartbleed-bin_ | static bin heartbleed exploit (fun trivia, Large Hadron Collider tested with this code) |
| _heartbleed.c_ | Heartbleed exploit using OpenSSL to encrypt the exploit for stealth |
| _heartbleed-keyscan.py_ | RSA prime factorization exploit for use with heartbleed |
| _hfirixwfcmd.sh_ | SGI IRIX <= 6.5.22 WebForce post-auth Remote Command Injection |
| _hfsunsshdx.tgz_ | SunSSH Solaris 10-11.0 x86 libpam remote root exploit CVE-2020-14871 |
| _hpwhytry.py_ | HP XPe embedded devices remote command execution exploit |
| _iis_search.pl_ | IIS WebDAV & Indexing service directory traversal attack |
| _inetutils-telnet.txt_ | Multiple BSD-based telnet implementations vulnerable to memory corruption |
| _iPwn.tgz_ | iOS default root user "alpine" exploit to harvest data via SSH |
| _irix-captest.c_ | SGI IRIX <= 6.5.22 capability hijacking "eip" proof-of-concept (SGI XFS) |
| _irix-ftpd-ls.txt_ | SGI IRIX <= 6.5.22 ftpd "/bin/ls" root privilege escalation |
| _irix-mediarecorder.txt_ | SGI IRIX <= 6.5.22 CAP_SCHED_MGT "mediarecorder" privilege escalation |
| _irix-onyx-syssgi.c_ | SGI IRIX <= 6.5.5 syssgi() Onyx IP19/IP21/IP25 kernel information leak exploit |
| _irix-rldx.sh_ | SGI IRIX <= 6.4.x run-time linker file creation exploit |
| _irix-runpriv-cap.png_ | SGI IRIX <= 6.5.x screenshot showing "capabilities" exploit via runpriv |
| _irix-setsockopt.c_ | SGI IRIX <= 6.5.22 kernel mbuf corruption due to integer signedness comparison |
| _irix-syssgi-panic.c_ | SGI IRIX <= 6.5.22 syssgi() SGI_ENUMASHS null ptr kernel panic |
| _irix-tapex.c_ | SGI IRIX <= 6.5.22 "tsdaemon" root arbitrary file creation exploit |
| _irssi-irc-fuzzer.pl_ | irssi plugin IRC client fuzzing tool |
| _jackrabbit.tgz_ | RedStar OS 3.0 Naenara browser exploit |
| _jdwp-exploit.txt_ | Java JDWP exploitation for remote code execution |
| _Kronos.tgz_ | Java Signed Applet exploit and web management tool |
| _lbreakout-exploit.c_ | lbreakout2 PoC exploit for ARM (drops privileges) |
| _leehseinloong.cpp_ | Sudoku2 exploit written for Lee Hsien Loong. (.sg PM) |
| _linux-ia32.c_ | Linux Kernel 2.6.32 ia32entry emulation x86_64 exploit |
| _lotus_exp.py_ | Lotus Domino IMAP4 Server Release 6.5.4 win2k remote exploit |
| _mikrotik-jailbreak.txt_ | MikroTik 6.40 & below "telnet" jailbreak exploit |
| _mirc-DoS-Script.ini_ | mIRC 6.12 & 6.11 denial-of-service IRC script |
| _mobileiron0day.txt_ | MobileIron Virtual Smartphone Platform local root exploit |
| _MobileIronBypass.tgz_ | MobileIron mobile device management jailbreak detection bypass |
| _MsTelnetServer_NTLM_Guest.txt_ | Microsoft Telnet Server MS-TNAP Guest Access Restriction Bypass Exploit |
| _MsTelnetServer_NTLM_MutualAuth_ConfigIssue_ | Microsoft Telnet Server NTLM Mutual Authentication Configuration Issue |
| _mulftpdos.zip_ | Serv-U / G6 / WarFTPD denial-of-service exploit in asm |
| _neogeox.txt_ | NeoGeo Gold X games console jailbreak via UART root shell |
| _NetBSD-sa-2016-003-howto-abuse-cpp.png_ | NetBSD 6.1.5 calendar local root exploit PoC |
| _openbsd-0day-cve-2018-14665.sh_ | OpenBSD 6.4 Xorg local root exploit |
| _prdelka-vs-AEP-smartgate.c_ | AEP Smartgate V4.3B arbitrary file download exploit |
| _prdelka-vs-APPLE-chpass.sh_ | OS-X 10.6.3 & below chpass arbitrary file creation exploit |
| _prdelka-vs-APPLE-ptracepanic.c_ | OS-X 10.6.1 & below ptrace() mutex handling kernel panic |
| _prdelka-vs-BSD-ptrace.tar.gz_ | NetBSD 2.1 ptrace() local root exploit |
| _prdelka-vs-CISCO-httpdos.zip_ | Cisco IOS 12.2 & below HTTP denial-of-service exploit |
| _prdelka-vs-CISCO-vpnftp.c_ | Cisco VPN Concentrator 3000 FTP remote exploit |
| _prdelka-vs-GNU-adabas2.txt_ | Adabas D 13.01 SQL injection & directory traversal |
| _prdelka-vs-GNU-adabas.c_ | Adabas D 13.01 local root exploit Linux |
| _prdelka-vs-GNU-chpasswd.c_ | SquirrelMail 3.1 Change_passwd plugin & below local root exploit |
| _prdelka-vs-GNU-citadel.tar.gz_ | Citadel SMTP 7.10 & below remote code execution exploit |
| _prdelka-vs-GNU-exim.c_ | Exim 4.43-r2 & below host_aton() local root exploit (Linux) |
| _prdelka-vs-GNU-lpr.c_ | Slackware 1.01 stack overflow local root exploit (Linux) |
| _prdelka-vs-GNU-mbsebbs.c_ | mbse-bbs 0.70.0 & below local root exploit (Linux) |
| _prdelka-vs-GNU-peercast.c_ | PeerCast v0.1216 remote root exploit (Linux) |
| _prdelka-vs-GNU-sudo.c_ | sudo 1.6.8p9 race condition local root exploit (Linux) |
| _prdelka-vs-GNU-tin.c_ | Slackware 1.01 local root exploit (Linux) |
| _prdelka-vs-HPUX-libc.c_ | HP-UX 11.11 & below libc local root exploit (hppa) |
| _prdelka-vs-HPUX-swask.c_ | HP-UX 11.11 & below swask format string local root exploit (hppa) |
| _prdelka-vs-HPUX-swmodify.c_ | HP-UX 11.11 & below swmodify local root exploit (hppa) |
| _prdelka-vs-HPUX-swpackage.c_ | HP-UX 11.11 & below swpackage local root exploit (hppa) |
| _prdelka-vs-http-fuzz.tar.gz_ | HTTP fuzzing tool & example Savant 3.1 vulnerability |
| _prdelka-vs-LINUS-fchown.tar_ | Linux kernel 2.4.x/2.6.6 & below fchown() file ownership exploit |
| _prdelka-vs-MISC-massftp.tar.gz_ | Mass scanning ftp exploiter tool |
| _prdelka-vs-MS-hotmail.txt_ | Microsoft Hotmail Authentication Bypass vulnerability |
| _prdelka-vs-MS-IE-6.0.2800.1106.XPSP1.rar_ | Internet Explorer 6.0 IFRAME Windows XP exploit |
| _prdelka-vs-MS-rshd.tar.gz_ | Windows RSH daemon 1.8 & below remote exploit |
| _prdelka-vs-MS-winzip.c_ | WinZip 10.0.7245 Win32 & below exploit (the one that angered CERT) |
| _prdelka-vs-SCO-enable_ | SCO OpenServer 5.0.7 enable local root exploit |
| _prdelka-vs-SCO-netwarex.c_ | SCO OpenServer 5.0.7 netware printing local "lp" exploit |
| _prdelka-vs-SCO-ptrace.c_ | SCO Unixware 7.1.3 ptrace() linux kernel emulation local root exploit |
| _prdelka-vs-SCO-tcpdos_ | SCO OpenServer 5.0.7 TCP RST denial-of-service exploit |
| _prdelka-vs-SCO-termshx.c_ | SCO OpenServer 5.0.7 termsh local gid "auth" exploit |
| _prdelka-vs-SGI-xrunpriv_ | SGI IRIX 6.5 runpriv local root exploit |
| _prdelka-vs-SUN-sysinfo.c_ | Solaris 10 sysinfo() local kernel memory information leak |
| _prdelka-vs-SUN-telnetd.c_ | Solaris in.telnetd 8.0 & 7.0 remote exploit (sparc) |
| _prdelka-vs-SUN-virtualbox.sh_ | Sun VirtualBox 3.0.6 local root exploit |
| _prdelka-vs-THC-vmap_ | THC vmap DoS exploit |
| _prdelka-vs-UNIX-permissions.tar.gz_ | UNIX file permissions generic directory exploit |
| _r00t2.tgz_ | Linux kernel 2.6.29 ptrace_attach() ported to ARM for "google phone" |
| _rainbowdash.tgz_ | PonyOS 3.0 & below kernel ELF loader local root exploit |
| _rarity.c_ | PonyOS 3.0 VFS file permissions local root exploit |
| _raspbian.txt_ | Raspbian vulnerabilities for sgid "games" |
| _redstar2.0-localroot.png_ | RedStar OS 2.0 local root privilege escalation exploit |
| _redstar3.0-localroot.png_ | RedStar OS 3.0 local root privilege escalation exploit |
| _rshx.c_ | rsh exploit - inject commands via rsh |
| _rsshellshock.py_ | RedStar OS server BEAM & RSSMON shellshock exploit |
| _s7300cpustart.py_ | Siemens S7-300 PLC CPU start command |
| _s7300stop.py_ | Siemens S7-300 PLC CPU stop command |
| _shoryuken.c_ | Linux kernel 2.6.29 ptrace_attach() local root race condition exploit |
| _skyexp.py_ | Sky 1.5 Sagem F@ST 2504 router infoleak & remote command injection |
| _smartmaildos.tgz_ | Smartmail 10.x pop3 & SMTP denial-of-service exploits (in ASM) |
| _sp-email.py_ | SharePoint username enumeration exploit |
| _spiltmilk.c_ | Linux kernel 2.6.37-rc1 & below serial_core TIOCGICOUNT information leak exploit |
| _ssh-dsa1024-rsa2048-keys-CVE-2008-0166.tgz_ | Debian SSH insecure 'prng' SSH keys (released during Manchester riots) |
| _sun-su-bug.txt_ | Solaris 10 'su' local NULL pointer vulnerability CVE-2010-3503 |
| _systemd-run-tty.txt_ | Systemd insecure pty allocation vulnerability |
| _telnet_term_0day.py_ | Multiple BSD-based telnet.c IAC malformed options remote crash |
| _timecrime.c_ | TCP timestamp extensions, information leak exploit (timecrime) from RFC1323/RFC7323 |
| _trendmicro_IWSVA_shellshock.py_ | TrendMicro InterScan Web Security Virtual Appliance shellshock exploit |
| _UNICOS-cray.txt_ | Cray UNICOS 9.0 local root vulnerabilities & shellcode PoC |
| _vncscan.py_ | RealVNC auth bypass CVE-2006-2369 scanner |
| _vxlgiobye.py_ | VXL Gio Linux remote command execution exploit |
| _w32-fps.txt_ | Microsoft Frontpage Personal WebServer ver 3.0.2.926 exploit |
| _w32-grpconv.txt_ | Windows XP SP1 grpconv.exe buffer overflow |
| _w32-netcat.tgz_ | "netcat" buffer overflow for Windows 98 exploit |
| _w32-netcat.txt_ | "netcat" buffer overflow for Windows 98 advisory |
| _w32-progman.txt_ | Windows XP "progman" buffer overflow |
| _winnuke2011.sh_ | MS11-083 Win7/Vista/2008 ICMP refCount denial-of-service flaw |
| _wysewig.py_ | Wyse embedded XP remote SYSTEM command execution exploit |
| _xclm-exploit.c_ | Microchip XC local root exploit (Linux) (installed by DEF CON 26 attendees) |
| _zte-emode.txt_ | ZTE Blade Vantage Z839 Emode.APK android.uid.system LPE exploit |
These files are available under the 3-clause BSD license.